This is in response to the appeal brief filed 07/11/2006 appealing from the Office action mailed 
03/24/2006. 

(1) Real Party in Interest 

A statement identifying by name the real party in interest is contained in the brief. 

(2) Related Appeals and Interferences 

The examiner is not aware of any related appeals, interferences, or judicial proceedings 
which will directly affect or be directly affected by or have a bearing on the Board's decision in 
the pending appeal. 

(3) Status of Claims 

The statement of the status of claims contained in the brief is correct. 

(4) Status of Amendments After Final 

The appellant's statement of the status of amendments after final rejection contained in 
the brief is correct. No amendment after final has been filed. 

(5) Summary of Claimed Subject Matter 

The summary of claimed subject matter contained in the brief is correct. 

(6) Grounds of Rejection to be Reviewed on Appeal 

The appellant's statement of the grounds of rejection to be reviewed on appeal is correct. 

(7) Claims Appendix 

A substantially correct copy of appealed claim 6 appears on page 11 of the Appendix to 
the appellant's brief. The minor error is the recitation of "protocolumn" rather than --protocol--. 

(8) Evidence Relied Upon 

5,905,859 Holloway et al. 05-1999 

(9) Grounds of Rejection 

The following ground(s) of rejection are applicable to the appealed claims: 

Claim Rejections - 35 USC § 102 
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

1. Claims 1-10 are rejected under 35 U.S.C. 102(b) as being anticipated by Holloway, et 
al. in US Patent 5,905,859 (hereinafter US '859). 

As it pertains to Claim 1, US '859 teaches: 
A network having an intrusion protection system (see column 2, lines 54-55), comprising: 

a network medium (see column 17, lines 66-67); 

a management node connected to the network medium and running an intrusion 
prevention system management application (see column 18, lines 32-33; where the network 
management station is the management node and it is inherent that a detection means 
application is running); and 

a plurality of nodes connected to the network medium and running an instance of an 
intrusion protection system application (see Figure 16; where each managed hub signifies a 
node), at least one of the nodes having an identification assigned thereto based on a logical 
assignment grouping one or more of the plurality of nodes, each node sharing an identification 
being commonly vulnerable to at least one network exploit (see column 3, lines 4 - 5; where the 
MAC address is the ID and each node has an authorized address). 

For Claim 2, US '859 teaches: 
The network according to claim 1, wherein the management node is operable to originate a 
security update that is transmitted to each node sharing the identification, any remaining nodes 
not sharing the identification being excluded from receiving the update (see column 8, lines 8-10; 
where each node copies the group address). 

For Claim 3, US '859 teaches: 
The network according to claim 1, wherein a plurality of identifications are respectively assigned 
to one or more of the plurality of nodes (see Figure 16; where each hub is in a differing location 
that can be used as a form of identification (e.g. building, department, floor)). 

For Claim 4, US '859 teaches: 
The network according to claim 1, wherein the identification is an Internet Protocol multicast 
group identification (see column 2, line 61; where the ID is a multicast/group address also 
referred to as the LAN security feature group address). 

For Claim 5, US '859 teaches: 
The network according to claim 2, further comprising: 

a plurality of network mediums (see column 17, lines 66 - 67); and 

at least one router (see Figure 16), the management node and the plurality of nodes 
each respectively connected to one of the plurality of network mediums in the network, the 
router disposed intermediate the plurality of network mediums and operable to forward the 
security update from the network medium having the management node connected thereto to 
any nodes connected to the remaining network mediums and sharing the identification (see 
column 15, lines 34 - 38). 

For Claim 6, US '859 teaches: 
The network according to claim 5, wherein the router determines whether any of the plurality of 
nodes connected to the remaining network mediums share the identification through 
implementation of the Internet group management protocol (see column 15, lines 30-32). 

For Claim 7, US '859 teaches: 
The network according to claim 1, wherein the network medium is an Ethernet (see column 15, 
lines 50-51). 

For Claim 8, US '859 teaches: 
The network according to claim 1, further comprising a network-based intrusion protection 
system appliance dedicated to filtering inbound and outbound data frames transmitted across 
the network medium (see column 18, lines 10-13; where the discovery request/response 
frames act as inbound and outbound frames). 

For Claim 9, US '859 teaches: 
The network according to claim 8, wherein the network-based intrusion protection system 
appliance interfaces with the network medium via a network interface card operating in 
promiscuous mode (see Figure 3 and column 5, line 16). 

For Claim 10, US '859 teaches: 
The network according to claim 8, wherein the network-based intrusion protection system 
appliance shares the identification (see column 18, lines 1 - 4; where a list is maintained). 
(10) Response to Argument 

A. Independent Claim 1 and Dependent Claims 2-7 
In the present case, the Appellant argues that the Examiner has not demonstrated how "a 
management node... running an intrusion prevention system management application" 
necessarily flows from Holloway's teachings and merely monitoring the progress of a detected 
frame does not require or imply the running of an intrusion prevention system management 
application. 

With respect to this argument, the Examiner believes that the recitation of an apparatus 
and method for the detection and prevention of security intrusion in a computer network of 
Holloway is equivalent to Appellant's use of an "intrusion prevention system" (see Abstract; 
column 2, lines 49 - 58; column 3, lines 41-51). In an instance where a monitoring and detection 
means are present, it is inherent that a form of an intrusion prevention system is running so that 
the invention of Holloway can realize its functionality. The claim broadly recites the intrusion 
prevention system with no further limitations; therefore absent any particulars of the intrusion 
prevention system the Examiner has interpreted the claim in view of the broadest reasonable 
interpretation. As such, the recitation in Holloway of "preventing" satisfies the condition of the 
claim limitation. 

Appellant also asserts that Holloway's managed hubs themselves are not grouped 
together according to a common vulnerability to a network exploit, as recited in claim 1. In 
response to this assertion, the Examiner believes the LAN security feature group address is the 
vulnerability by which the nodes are grouped. Furthermore, responses received from the 
managed hubs and maintaining a list of interconnected devices that support the LAN security 
feature signify that devices are in communication and are aware of other authorized/valid nodes 
meeting the limitation of the claim (see column 3, lines 25 - 32; column 5, lines 17-22; column 
7, lines 33 - 48). Appellant is essentially arguing that the references fail to show limitations not 
present in the rejected claim. 

Accordingly, for reasons discussed above, the Examiner maintains that Holloway 
teaches the elements of claim 1. Dependent claims 2-7 depend directly or indirectly from claim 
1, thus inheriting all of the limitations of that independent claim. Consequently, the Examiner 
maintains the rejection of claims 2-7. 

B. Dependent Claim 8 and Claim 10 
With regard to Appellant's arguments that there is no indication that Holloway's network 
management station is an intrusion protection appliance, the Examiner notes that Holloway's 
Figure 3 illustrates Appellant's claim limitation of an "... intrusion protection system appliance 
that interfaces with the network medium via a network interface card..." (see Figure 3 and 
column 5, lines 10-16). 

C. Dependent Claim 9 
Appellant asserts that Holloway does not teach an intrusion protection system appliance, 
much less an intrusion protection system appliance that interfaces with the network medium via 
a network interface card operating in promiscuous mode. The Examiner maintains that 
Holloway's Figure 3 illustrates Appellant's claim limitation of an "... intrusion protection system 
appliance that interfaces with the network medium via a network interface card..." (see Figure 3 
and column 5, lines 10 - 16). 
(11) Related Proceeding(s) Appendix 

No decision rendered by a court or the Board is identified by the examiner in the Related 
Appeals and Interferences section of this examiner's answer. 

For the above reasons, it is believed that the rejections should be sustained. 
Respectfully submitted, 

Application/Control Number: 10/001,446 
Art Unit: 2132 

Laurel Lashley 
Examiner 
Art Unit 2132 

Conferees: 

GILBERTO BARRON 
SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100 

Matthew Smithers 

Gilberto Barron 